Campus VPN now requires 2-Factor Authentication

In an effort to improve the security of our VPN connections, Campus will be incorporating Duo Security as a two-factor authentication (2FA) solution into our existing VPN infrastructure. Two-factor authentication provides a second layer of security to your login, requiring extra information or a physical device to log in, in addition to your password. By requiring two different channels of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords.

Why do we need two-factor authentication?
Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords. Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

To learn more about two-factor authentication, watch this video.


How will Duo change my login experience?

When logging into Global Protect VPN, you will still enter your username and password. After inputting your login information, Duo will require you to complete a method of second-factor authentication. Duo does not replace or require you to change your username and password. Think of Duo as a layer of security added to your pre-existing login method.

To learn more about your experience using two-factor authentication, watch this video.


Action Required:


By November 9th
, please go to the DUO self-registration portal to enroll your 2nd factor authentication method. If you are on-campus please go to https://duoportal.sdsu.edu to register. To login use your current SDSUid credentials. If you have a current VPN connection using just your username and password, you can still use that to access this link. In the event you don’t have access to your VPN account and are not on-campus, please use this this link: http://l.sdsu.edu/duoportal-external to access the portal off-campus. Please note, you may be asked to login twice with your SDSUid. Once you are in the portal, follow the self-enrollment process to register your phone and install the Duo Mobile application. If you do not have a smartphone, you can enroll a regular cell phone (SMS text messages + calls) or use a SDSU desk phone landline (calls) for two-factor authentication.

For more information on how to enroll your devices and about DUO / VPN please go to our Security Portal on the SDSU Intranet.

SDSU DUO Enrollment / VPN Guides:

IAM Services – http://l.sdsu.edu/iamservices
VPN Services – http://l.sdsu.edu/vpnservices

What will happen after November 9th?

Two-factor authentication (2FA) will be enforced and required for all VPN users. You will have until November 9th to self-enroll your second factor authentication method. After this date, access to Global Protect VPN will require Duo two-factor authentication. You will no longer be able to access VPN with just your AD credentials.

 

If you have any questions, please feel free to contact us at security@sdsu.edu

 
 

About the author

More posts by